Modify dbus policies based on default deny

Change-Id: Ica9116aaf08d294f013e048dccccaec75566cfa4

diff --git a/ag-agent/bluetooth-ag-agent.conf.in b/ag-agent/bluetooth-ag-agent.conf.in
index eeb652b..12986d7 100644 (file)
--- a/ag-agent/bluetooth-ag-agent.conf.in
+++ b/ag-agent/bluetooth-ag-agent.conf.in
@@ -3,7 +3,9 @@
 <busconfig>
     <policy context="default">
         <deny own="org.bluez.ag_agent"/>
+        <deny send_destination="org.bluez.ag_agent"/>
         <allow send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface"/>
+        <allow send_destination="org.bluez.ag_agent" send_interface="org.freedesktop.DBus.Properties" send_member="GetAll"/>
         <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="CheckPrivilege" privilege="http://tizen.org/privilege/bluetooth.admin" />
         <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="Play" privilege="http://tizen.org/privilege/bluetooth.admin" />
         <check send_destination="org.bluez.ag_agent" send_interface="Org.Hfp.App.Interface" send_member="Stop" privilege="http://tizen.org/privilege/bluetooth.admin" />

diff --git a/hf-agent/bluetooth-hf-agent.conf.in b/hf-agent/bluetooth-hf-agent.conf.in
index d98f2a9..3429a32 100644 (file)
--- a/hf-agent/bluetooth-hf-agent.conf.in
+++ b/hf-agent/bluetooth-hf-agent.conf.in
@@ -3,7 +3,9 @@
 <busconfig>
     <policy context="default">
         <deny own="org.bluez.hf_agent"/>
+        <deny send_destination="org.bluez.hf_agent"/>
         <allow send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp"/>
+        <allow send_destination="org.bluez.hf_agent" send_interface="org.freedesktop.DBus.Properties" send_member="GetAll"/>
         <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="AnswerCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
         <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="TerminateCall" privilege="http://tizen.org/privilege/bluetooth.admin" />
         <check send_destination="org.bluez.hf_agent" send_interface="org.tizen.HfApp" send_member="InitiateCall" privilege="http://tizen.org/privilege/bluetooth.admin" />

diff --git a/hid-agent/CMakeLists.txt b/hid-agent/CMakeLists.txt
index 0c5da53..7e458f9 100644 (file)
--- a/hid-agent/CMakeLists.txt
+++ b/hid-agent/CMakeLists.txt
@@ -38,3 +38,4 @@ ENDIF (BUILD_GTESTS)
 INSTALL(TARGETS ${PROJECT_NAME} DESTINATION bin)
 INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/org.bluez.hid_agent.service
                DESTINATION share/dbus-1/system-services)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/bluetooth-hid-agent.conf DESTINATION /etc/dbus-1/system.d)

diff --git a/hid-agent/bluetooth-hid-agent.conf b/hid-agent/bluetooth-hid-agent.conf
new file mode 100644 (file)
index 0000000..bfe5986
--- /dev/null
+++ b/hid-agent/bluetooth-hid-agent.conf
@@ -0,0 +1,15 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+    <policy context="default">
+        <deny own="org.bluez.hid_agent"/>
+        <deny send_destination="org.bluez.hid_agent"/>
+        <allow send_destination="org.bluez.hid_agent" send_interface="org.tizen.HidApp"/>
+        <allow send_destination="org.bluez.hid_agent" send_interface="org.freedesktop.DBus.Properties" send_member="GetAll"/>
+        <check send_destination="org.bluez.hid_agent" send_interface="org.tizen.HidApp" send_member="RegisterApplication" privilege="http://tizen.org/privilege/bluetooth"/>
+        <check send_destination="org.bluez.hid_agent" send_interface="org.tizen.HidApp" send_member="UnregisterApplication" privilege="http://tizen.org/privilege/bluetooth"/>
+    </policy>
+    <policy group="network_fw">
+        <allow own="org.bluez.hid_agent"/>
+    </policy>
+</busconfig>

diff --git a/ipsp-agent/bluetooth-ipsp-agent.conf b/ipsp-agent/bluetooth-ipsp-agent.conf
index a51c25f..3299588 100644 (file)
--- a/ipsp-agent/bluetooth-ipsp-agent.conf
+++ b/ipsp-agent/bluetooth-ipsp-agent.conf
@@ -3,8 +3,18 @@
 <busconfig>
     <policy context="default">
         <deny own="org.projectx.bt_ipsp"/>
-        <allow receive_sender="org.projectx.bt_ipsp"/>
-        <allow send_destination="org.projectx.bt_ipsp"/>
+        <deny send_destination="org.projectx.bt_ipsp"/>
+        <allow send_destination="org.projectx.bt_ipsp" send_interface="org.projectx.bt_ipsp"/>
+        <allow send_destination="org.projectx.bt_ipsp" send_interface="org.freedesktop.DBus.Properties" send_member="GetAll"/>
+        <allow send_destination="org.projectx.bt_ipsp" send_interface="org.projectx.bt_ipsp" send_member="EnableIpsp" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <allow send_destination="org.projectx.bt_ipsp" send_interface="org.projectx.bt_ipsp" send_member="SetIpv6Addr" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <allow send_destination="org.projectx.bt_ipsp" send_interface="org.projectx.bt_ipsp" send_member="RecoverAdapter" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <allow send_destination="org.projectx.bt_ipsp" send_interface="org.projectx.bt_ipsp" send_member="ResetAdapter" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <allow send_destination="org.projectx.bt_ipsp" send_interface="org.projectx.bt_ipsp" send_member="EnableAdapterLe" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <allow send_destination="org.projectx.bt_ipsp" send_interface="org.projectx.bt_ipsp" send_member="DisableAdapterLe" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <allow send_destination="org.projectx.bt_ipsp" send_interface="org.projectx.bt_ipsp" send_member="EnableCore" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <allow send_destination="org.projectx.bt_ipsp" send_interface="org.projectx.bt_ipsp" send_member="SetTransferValue" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <allow send_destination="org.projectx.bt_ipsp" send_interface="org.projectx.bt_ipsp" send_member="FactoryTestMode" privilege="http://tizen.org/privilege/bluetooth.admin"/>
     </policy>
     <policy group="network_fw">
         <allow own="org.projectx.bt_ipsp"/>

diff --git a/map-agent/CMakeLists.txt b/map-agent/CMakeLists.txt
index 653b4b6..c601b53 100644 (file)
--- a/map-agent/CMakeLists.txt
+++ b/map-agent/CMakeLists.txt
@@ -38,3 +38,4 @@ ENDIF (BUILD_GTESTS)
 
 INSTALL(TARGETS ${PROJECT_NAME} DESTINATION bin)
 INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/org.bluez.map_agent.service DESTINATION share/dbus-1/system-services)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/bluetooth_map_agent.conf DESTINATION /etc/dbus-1/system.d)

diff --git a/map-agent/bluetooth_map_agent.conf b/map-agent/bluetooth_map_agent.conf
new file mode 100644 (file)
index 0000000..be600b1
--- /dev/null
+++ b/map-agent/bluetooth_map_agent.conf
@@ -0,0 +1,18 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+    <policy context="default">
+        <deny own="org.bluez.map_agent"/>
+        <deny send_destination="org.bluez.map_agent"/>
+        <allow send_destination="org.bluez.map_agent" send_interface="org.bluez.MapAgent"/>
+        <allow send_destination="org.bluez.map_agent" send_interface="org.freedesktop.DBus.Properties" send_member="GetAll"/>
+        <check send_destination="org.bluez.map_agent" send_interface="org.bluez.MapAgent" send_member="PushMessage" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <check send_destination="org.bluez.map_agent" send_interface="org.bluez.MapAgent" send_member="PushMessageData" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <check send_destination="org.bluez.map_agent" send_interface="org.bluez.MapAgent" send_member="UpdateMessage" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <check send_destination="org.bluez.map_agent" send_interface="org.bluez.MapAgent" send_member="SetReadStatus" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <check send_destination="org.bluez.map_agent" send_interface="org.bluez.MapAgent" send_member="DestroyAgent" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+    </policy>
+    <policy group="network_fw">
+        <allow own="org.bluez.map_agent"/>
+    </policy>
+</busconfig>

diff --git a/packaging/bluetooth-agent.spec b/packaging/bluetooth-agent.spec
index df66624..51e7dbf 100644 (file)
--- a/packaging/bluetooth-agent.spec
+++ b/packaging/bluetooth-agent.spec
@@ -201,6 +201,7 @@ ln -sf %{_libdir}/systemd/system/bluetooth-pbap-agent.service %{_sysconfdir}/sys
 %{_bindir}/bluetooth-map-agent
 %{_datadir}/dbus-1/system-services/org.bluez.map_agent.service
 %{_libdir}/systemd/system/bluetooth-map-agent.service
+%{_sysconfdir}/dbus-1/system.d/bluetooth_map_agent.conf
 
 %files pbap
 %manifest %{name}.manifest
@@ -208,12 +209,14 @@ ln -sf %{_libdir}/systemd/system/bluetooth-pbap-agent.service %{_sysconfdir}/sys
 %{_bindir}/bluetooth-pb-agent
 %{_datadir}/dbus-1/system-services/org.bluez.pb_agent.service
 %{_libdir}/systemd/system/bluetooth-pbap-agent.service
+%{_sysconfdir}/dbus-1/system.d/bluetooth_pb_agent.conf
 
 %files hid
 %manifest %{name}.manifest
 %license LICENSE
 %{_bindir}/bluetooth-hid-agent
 %{_datadir}/dbus-1/system-services/org.bluez.hid_agent.service
+%{_sysconfdir}/dbus-1/system.d/bluetooth-hid-agent.conf
 
 %files ipsp
 %manifest %{name}.manifest

diff --git a/pb-agent/CMakeLists.txt b/pb-agent/CMakeLists.txt
index 01ceade..f983915 100644 (file)
--- a/pb-agent/CMakeLists.txt
+++ b/pb-agent/CMakeLists.txt
@@ -38,3 +38,4 @@ ENDIF (BUILD_GTESTS)
 INSTALL(TARGETS ${PROJECT_NAME} DESTINATION bin)
 INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/org.bluez.pb_agent.service
                DESTINATION share/dbus-1/system-services)
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/bluetooth_pb_agent.conf DESTINATION /etc/dbus-1/system.d)

diff --git a/pb-agent/bluetooth_pb_agent.conf b/pb-agent/bluetooth_pb_agent.conf
new file mode 100644 (file)
index 0000000..7f25b7d
--- /dev/null
+++ b/pb-agent/bluetooth_pb_agent.conf
@@ -0,0 +1,16 @@
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+    <policy context="default">
+        <deny own="org.bluez.pb_agent"/>
+        <deny send_destination="org.bluez.pb_agent"/>
+        <allow send_destination="org.bluez.pb_agent" send_interface="org.bluez.PbAgent"/>
+        <allow send_destination="org.bluez.pb_agent" send_interface="org.freedesktop.DBus.Properties" send_member="GetAll"/>
+        <check send_destination="org.bluez.pb_agent" send_interface="org.bluez.PbAgent" send_member="AddContact" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <check send_destination="org.bluez.pb_agent" send_interface="org.bluez.PbAgent" send_member="DestroyAgent" privilege="http://tizen.org/privilege/bluetooth.admin"/>
+        <allow send_destination="org.bluez.pb_agent" send_interface="org.bluez.PbAgent.At"/>
+    </policy>
+    <policy group="network_fw">
+        <allow own="org.bluez.pb_agent"/>
+    </policy>
+</busconfig>